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CLAIMS 

What is claimed is: 



1 LA method of initializing a security module, the method comprising the acts of: 

2 determining if the security module is a controlling security module or a subordinate 

3 security module; 

4 generating at least one key if the security module is the controlling security module; 

5 and 

6 receiving at least one key from another security module if the security module is the 

7 subordinate security module. 

1 2. The method, as set forth in claim 1, comprising the act of initializing the 

2 security modules in a system so that the security module has at least one common key with 

3 another security module. 

1 3. The method, as set forth in claim 1, wherein the security module comprises a 

2 trusted platform module (TPM). 

1 4. The method, as set forth in claim 1 , comprising the act of measuring a system 

2 once the at least one key is generated. 

1 5. The method, as set forth in claim 4, wherein the controlling security module 

2 measures the system. 
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1 6. The method, as set forth in claim 4, comprising the act of copying the 

2 measurement of the system into the subordinate security module. 

1 7. The method, as set forth in claim 1, wherein the at least one key comprises an 

2 endorsement key. 

1 8. The method, as set forth in claim 1, wherein the at least one key comprises a 

2 private key and a public key. 

1 9. The method, as set forth in claim 1 , comprising the act of accessing a lock bit 

2 to determine if the security module is the controlling security module or the subordinate 

3 security module. 

1 10. The method, as set forth in claim 9, wherein the lock bit is a setting within 

2 memory of the system. 

1 11. The method, as set forth in claim 10, comprising accessing the lock bit via a 

2 bus coupled to the security module and the memory or via a bus and a input/output controller 

3 coupled between the security module and the memory. 

1 12. The method, as set forth in claim 10, comprising the act of determining if the 

2 security module in the system is initialized. 

1 1 3 . A security module, comprising: 
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1 a detector that is adapted to determine if the security module is a controlling 

2 security module or a subordinate security module; 

3 a key generator that generates a key for the security module if the security 

4 module is the controlling security module; and 

5 a key receiver that receives the key from another security module if the 

6 security module is the subordinate security module. 

1 14. The security module set forth in claim 13, wherein the security module 

2 comprises a trusted platform module ("TPM"). 

1 15. The security module set forth in claim 14, wherein the security module is 

2 adapted to determine if the security module has undergone TPM initialization. 

1 16. The security module, as set forth in claim 14, wherein the key comprises an 

2 endorsement key. 

1 17. The security module, as set forth in claim 14, wherein the key comprises a 

2 private key. 

1 18. The security module set forth in claim 13, wherein the security module is 

2 adapted to measure a computer system if the security module is the controlling security 

3 module. 



23 



200314542-1 

1 19. The security module set forth in claim 13, wherein the security module is 

2 adapted to access a lock bit to determine if the security module is the controlling security 

3 module or the subordinate security module. 

1 20. The security module set forth in claim 19, comprising accessing the lock bit 

2 via a bus coupled to the security module and the memory or via a bus and a input/output 

3 controller coupled between the security module and the memory. 

1 2 1 . A security module, comprising: 

2 means for determining if another security module is a controlling security module or a 

3 subordinate security module; 

4 means for generating at least one key for the other security module if the other security 

5 modules is the controlling security module; and 

6 means for receiving at least one key from the other security module if the other 

7 security module is the subordinate security module. 

1 22. The security module as set forth in claim 2 1 , wherein the controlling security 

2 module is adapted to measure a computer system. 

1 23. A computer system, comprising: 

2 a processor; 

3 a hard disk operatively coupled to the processor and configured to store data for the 

4 processor; 
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5 a memory operatively coupled to the processor and configured to store data retrieved 

6 from the hard disk for use by the processor; 

7 a video controller operatively coupled to the processor and configured to produce a 

8 display signal; 

9 a first security module and a second security module, each operatively coupled to the 

10 processor and the memory, the first and second security modules being configured to: 

1 1 determine whether the first security module or the second security module is a 

12 controlling security module or a subordinate security module; 

13 generate at least one key for the first security module or the second security module 

14 depending on whether the first security module or the second security module 

15 is the controlling security module; and 

16 receiving at least one key from the first security module or the second security module 

17 depending on whether the first security module or the second security module 

18 is the subordinate security module. 

1 24. The computer system set forth in claim 23, wherein the first security module 

2 and the second security module each comprise a trusted platform module ("TPM"). 

1 25. The computer system set forth in claim 24, wherein the at least one key 

2 comprises an endorsement key. 

1 26. The computer system set forth in claim 24, wherein the at least one key 

2 comprises a private key and a public key. 
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1 27. The computer system set forth in claim 23, wherein the first security module 

2 and the second security module are each adapted to determine if that security module has 

3 undergone TPM initialization. 

1 28. The computer system set forth in claim 23, wherein the controlling security 

2 module is adapted to measure a computer system. 

3 29. The computer system set forth in claim 23, wherein the first security module 

4 and the second security module are adapted to access a lock bit to determine if that security 

5 module is the controlling security module or the subordinate security module. 

1 30. The computer system set forth in claim 23, wherein the memory and the first 

2 security module are connected together on a bus and communicate through a bridge with the 

3 processor. 

1 3 1 . A method of initializing a plurality of security modules in a computer system, 

2 the method comprising the act of: 

3 initializing each of the plurality of security modules so that each of the plurality of 

4 security modules has at least one common key. 

1 32. The method, as set forth in claim 3 1 , wherein each of the plurality of security 

2 modules comprises a trusted platform module ("TPM"). 
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1 33. The method, as set forth in claim 31, comprising accessing a lock bit in a 

2 memory by each of the plurality of security modules if the security module has not been 

3 initialized. 

1 34. The method, as set forth in claim 33, wherein at least one of the plurality of 

2 security modules is coupled to a bus that connects to the memory. 

1 35. The method, as set forth in claim 3 1 , comprising booting the computer system 

2 once the plurality of security modules is initialized. 

1 36. A networked computer system comprising: 

2 a plurality of computer systems; 

3 a network coupled to each of the plurality of computer systems; 

4 at least one of the plurality of computer systems comprising: 

5 a first security module and a second security module being configured to: 

6 determine whether the first security module or the second security module is a 

7 controlling security module or a subordinate security module; 

8 generate at least one key for the first security module or the second security 

9 module depending on whether the first security module or the second 

10 security module is the controlling security module; and 

1 1 receiving at least one key from the first security module or the second security 

12 module depending on whether the first security module or the second 

1 3 security module is the subordinate security module. 
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37. The system, as set forth in claim 36, wherein the first and the second security 
modules comprise a trusted platform module ("TPM"). 
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